13 matches found
EUVD-2021-11167
Malware in sbrugna...
CVE-2021-24253
The Classyfrieds WordPress plugin through 3.8 does not properly check the uploaded file when an authenticated user adds a listing, only checking the content-type in the request. This allows any authenticated user to upload arbitrary PHP files via the Add Listing feature of the plugin, leading to...
The vulnerability of the Classyfrieds plugin, which allows for unlimited loading of dangerous types of files, enables attackers to load and execute arbitrary files.
The vulnerability of the Classyfrieds plugin is related to the unlimited loading of dangerous files. Exploiting this vulnerability allows a remote attacker to load and execute arbitrary files...
WordPress Classyfrieds Plugin Remote Code Execution Vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A remote code execution vulnerability exists in WordPress Classyfrieds Plugin 3.8 and earlier...
CVE-2021-24253
The Classyfrieds WordPress plugin through 3.8 does not properly check the uploaded file when an authenticated user adds a listing, only checking the content-type in the request. This allows any authenticated user to upload arbitrary PHP files via the Add Listing feature of the plugin, leading to...
CVE-2021-24253
The Classyfrieds WordPress plugin through 3.8 does not properly check the uploaded file when an authenticated user adds a listing, only checking the content-type in the request. This allows any authenticated user to upload arbitrary PHP files via the Add Listing feature of the plugin, leading to...
Cross site request forgery (csrf)
The Classyfrieds WordPress plugin through 3.8 does not properly check the uploaded file when an authenticated user adds a listing, only checking the content-type in the request. This allows any authenticated user to upload arbitrary PHP files via the Add Listing feature of the plugin, leading to...
WordPress 代码问题漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A remote code execution vulnerability exists in WordPress Classyfrieds Plugin 3.8 and earlier...
CVE-2021-24253
CVE-2021-24253 concerns the WordPress plugin Classyfrieds (
CVE-2021-24253 Classyfrieds <= 3.8 - Authenticated Arbitrary File Upload to RCE
The Classyfrieds WordPress plugin through 3.8 does not properly check the uploaded file when an authenticated user adds a listing, only checking the content-type in the request. This allows any authenticated user to upload arbitrary PHP files via the Add Listing feature of the plugin, leading to...
Classyfrieds <= 3.8 - Authenticated Arbitrary File Upload to RCE
The plugin does not properly check the uploaded file when an authenticated user adds a listing, only checking the content-type in the request. This allows any authenticated user to upload arbitrary PHP files via the Add Listing feature of the plugin, leading to RCE. PoC POST /addalisting/ HTTP/1....
Classyfrieds <= 3.8 - Authenticated Arbitrary File Upload to RCE
The plugin does not properly check the uploaded file when an authenticated user adds a listing, only checking the content-type in the request. This allows any authenticated user to upload arbitrary PHP files via the Add Listing feature of the plugin, leading to RCE. POST /addalisting/ HTTP/1.1...
WordPress Classyfrieds plugin <= 3.8 - Authenticated Arbitrary File Upload vulnerability leading to Remote Code Execution (RCE)
Authenticated Arbitrary File Upload vulnerability leading to Remote Code Execution RCE discovered by Jin Huang in WordPress Classyfrieds plugin versions = 3.8. Solution This plugin has been closed as of December 24, 2018 and is not available for download. Reason: Guideline Violation...